Abstract
Before describing information security governance, we need at least an overview of corporate governance as a context. Fundamentally, corporate governance concerns the means by which managers are held accountable to stakeholders (e.g., investors, employees, society) for the use of assets and by which the firm's directors and managers act in the interests of the firm and these stakeholders. Corporate governance specifies the relationships between, and the distribution of rights and responsibilities among, the four main groups of participants in a corporate body:
- Board of directors
- Managers
- Workers
- Shareholders or owners